skills/av/skills/ideate/Gen Agent Trust Hub

ideate

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it interpolates untrusted user input (topics and external file content) directly into subagent prompts (Proposer and Critic) without using boundary markers or "ignore embedded instructions" warnings.
  • Ingestion points: User-provided topic and context (codebase paths/files) are used to populate subagent prompts in SKILL.md.
  • Boundary markers: Absent. The Proposer and Critic prompts directly embed external strings and file content from /tmp without delimiters.
  • Capability inventory: Shell command execution (date) and local file read/write access are required for the ideation workflow.
  • Sanitization: No sanitization or validation of user-provided strings is mentioned in the instructions.
  • [COMMAND_EXECUTION]: The skill requires the agent to execute shell commands (specifically date +%s) to manage the ideation timer. Additionally, it uses user-supplied strings (the topic-slug) to construct file paths in the /tmp directory. This creates a potential command or argument injection surface if the underlying agent implementation executes these operations via a shell without prior sanitization of user inputs.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 10:40 AM
Security Audit — agent-trust-hub — ideate